Hackers are using more sophisticated means to hide malicious code and are targeting web 2.0 technologies, said web security vendor Finjan.
The UK-based security company revealed its findings on web-based malware activity during the fourth quarter of 2006 as discovered by its Malicious Code Research Center (MCRC).
The report focuses on dynamic code obfuscation as a method to hide malicious code, a trend discovered by Finjan researchers that is growing in popularity among hackers as a means of bypassing traditional signature-based solutions in order to propagate malware.
It also describes recent specific incidents of sophisticated hacker attacks that take advantage of web 2.0 technologies to embed malicious code in high-traffic websites.
Finjan said, alongside examples in the report, that dynamic code obfuscation is an especially insidious threat because it undermines the ability of security vendors to detect and counter encrypted malicious code.
It said this entails providing each visitor to a malicious site with a different instance of obfuscated malicious code, based on random functions, parameter name changes and so on. To counter the threat, a conventional signature-based security solution would theoretically need millions of signatures to detect the existence of this particular piece of malicious code and to block it.
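The signature-count problem Finjan describes can be shown in a few lines. The following is an added example written for this article, not code from Finjan's report or its Malicious Code Research Center: a benign, constructed script is served to several "visitors" with freshly randomised function and parameter names (the name-changing part of the technique described above), and two detection strategies are compared: hashing the raw bytes served, which needs one signature per variant, and hashing a canonicalised form in which identifiers are renamed in order of first appearance, which needs only one. The template script, the visitor seeds, the keyword list and the choice of FNV-1a as a stand-in hash are all the example's own assumptions.

```javascript
// Added example (not from Finjan's report): one benign script served with
// per-visitor random names, and why a byte-exact signature cannot keep up
// while a signature over a canonicalised form can.

// Constructed, benign template; NAME1/NAME2 are the slots that get
// randomised for each visitor.
const TEMPLATE = 'function NAME1(NAME2){return NAME2+1;} NAME1(41);';

// Small deterministic LCG so each visitor seed yields a reproducible variant
// (a stand-in for the server-side randomness described in the report).
function makeRng(seed) {
  let s = seed >>> 0;
  return () => {
    s = (Math.imul(s, 1664525) + 1013904223) >>> 0;
    return s / 4294967296;
  };
}

// Random lower-case identifier of 5..10 characters.
function randomIdent(rng) {
  const alpha = 'abcdefghijklmnopqrstuvwxyz';
  const len = 5 + Math.floor(rng() * 6);
  let out = '';
  for (let i = 0; i < len; i++) out += alpha[Math.floor(rng() * 26)];
  return out;
}

// The instance one visitor receives: same behaviour, fresh function and
// parameter names.
function variantForVisitor(seed) {
  const rng = makeRng(seed);
  const fnName = randomIdent(rng);
  const argName = randomIdent(rng);
  return TEMPLATE.replace(/NAME1/g, fnName).replace(/NAME2/g, argName);
}

// 32-bit FNV-1a, used here in place of a signature engine's hash.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// Naive signature: hash of the exact bytes served.
function rawSignature(script) {
  return fnv1a(script);
}

// Canonicalise: rename each non-keyword identifier to id0, id1, ... in order
// of first appearance and drop whitespace, so variants that differ only in
// names collapse to one string.
const KEYWORDS = new Set(['function', 'return', 'var', 'let', 'const',
                          'if', 'else', 'for', 'while', 'new']);
function canonicalise(script) {
  const names = new Map();
  return script
    .replace(/[A-Za-z_$][A-Za-z0-9_$]*/g, (id) => {
      if (KEYWORDS.has(id)) return id;
      if (!names.has(id)) names.set(id, 'id' + names.size);
      return names.get(id);
    })
    .replace(/\s+/g, '');
}

function normalisedSignature(script) {
  return fnv1a(canonicalise(script));
}

// Serve the payload to each visitor and count how many signatures a
// detector using sigFn would need to cover all of them.
function signaturesNeeded(seeds, sigFn) {
  return new Set(seeds.map((s) => sigFn(variantForVisitor(s)))).size;
}

const visitors = [1, 2, 3, 4, 5];
console.log('raw byte signatures needed:  ', signaturesNeeded(visitors, rawSignature));
console.log('canonical signatures needed: ', signaturesNeeded(visitors, normalisedSignature));
```

With five visitors the raw-byte detector already needs five signatures and grows linearly with traffic, which is the "millions of signatures" situation the report describes; the canonicalised form stays at one. Real obfuscators also add encoding layers and junk code, so in practice the normalisation step is a sandboxed execution or a parser-level rewrite rather than a regex, but the principle is the same: match on what the code does, not on the bytes that happened to be served.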
“This type of attack vector can easily bypass signature-based solutions like anti-virus and URL Filtering, which were not built to detect these types of dynamic web scenarios,” said Yuval Ben-Itzhak, Finjan’s chief technology officer.
“Currently, hackers have begun to take advantage of new web technologies to create complex and blended attacks,” he said. “With their creation of dynamic obfuscation utilities, which enable virtually anyone to obfuscate code in an automated manner, they have dramatically escalated the threat to web security. Businesses that rely solely on reactive security technologies are most likely exposed to such a risk.”
The Finjan report also details two recently publicised incidents in which hackers used the popular Wikipedia encyclopedia and MySpace social networking site to infect innocent users. It said these incidents provide real-world examples of the use of web 2.0 technologies to propagate malicious attacks, placing malicious code on highly popular sites to infect innocent visitors to those sites.
The Finjan report also said 2006 saw the arrival of a diverse range of web-based infection techniques – including rogue anti-spyware, ransomware, and rootkits – that elude traditional security solutions geared to protect against email viruses and spam.
Another development in 2006 was the commercialisation of malicious code, as financial motivations play an increasing role in the evolution of malware. Motivated by financial gain, hackers are trading vulnerabilities in online auctions, commercialising products such as malicious website creation toolkits, and developing new distribution techniques, including spam, for the propagation of malicious code.
Looking forward to 2007, the Web Security Trends Report predicts that as Windows Vista and Internet Explorer 7.0 begin to achieve critical mass, these developments will likely trigger a new wave of exploits from professional hackers who have had time to prepare in advance for their arrival into a world of commercialised malware.